In a previous post I showed how to set up a highly available load balancer using HAProxy, keepalived and Pound for SSL termination. In this post I'll demonstrate the same setup using Nginx [1].

Nginx is a good load-balancing solution for simpler setups because it supports SSL termination out of the box and scales well both horizontally and vertically. What it lacks in features compared to HAProxy, it makes up for in simplicity and in extensibility through modules.
First, let's install it:

Line 4 enables IP session persistence.
Lines 5 and 6 specify the back-end nodes that the traffic will be routed to.
Lines 10 and 16 make Nginx listen on ports 80 and 443.
Line 12 redirects all insecure traffic arriving on port 80 to port 443.
Lines 17, 18 and 19 specify the certificate and private key files that the load balancer will use for terminating the SSL sessions.
Line 23 inserts the original client IP in the X-Forwarded-For header of the HTTP request, which the back-end nodes can use to identify where the original request came from.
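
A minimal configuration covering the directives described above, as an added example rather than the post's original listing, so the line numbers cited above do not apply to it. The upstream name, host name, back-end addresses and certificate paths are placeholders; it assumes an Nginx and OpenSSL build with TLS 1.3 support, enables TLS with `listen 443 ssl`, and overwrites X-Forwarded-For with `$remote_addr` instead of appending to a client-supplied value.

```nginx
# Added example; names, addresses and paths below are placeholders.
events {}

http {
    upstream web_nodes {                     # hypothetical upstream name
        ip_hash;                             # IP session persistence: same client IP -> same node
        server 192.0.2.11:80;                # back-end node 1 (placeholder address)
        server 192.0.2.12:80;                # back-end node 2 (placeholder address)
    }

    server {
        listen 80;
        server_name lb.example.com;          # placeholder host name
        # Redirect all plain-HTTP traffic to HTTPS. A fixed host name is used
        # so the redirect target never depends on the client's Host header.
        return 301 https://lb.example.com$request_uri;
    }

    server {
        listen 443 ssl;
        server_name lb.example.com;

        # Certificate and private key used to terminate TLS on the balancer.
        # The key file should be readable by root only.
        ssl_certificate     /etc/nginx/ssl/lb.example.com.crt;
        ssl_certificate_key /etc/nginx/ssl/lb.example.com.key;
        ssl_protocols       TLSv1.2 TLSv1.3; # drop legacy SSL/TLS versions

        location / {
            proxy_pass http://web_nodes;
            proxy_set_header Host $host;
            # Overwrite any X-Forwarded-For the client sent, so the back-ends
            # only ever see the address Nginx itself observed.
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
}
```

Running `nginx -t` checks the syntax and the certificate and key paths before the service is reloaded.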

To generate a self-signed certificate and private key for use in your test environment, perform the following:

Yes, that's going to be the floating IP, managed by keepalived. You can start Nginx on both servers, even though the IP is raised on only one of them, by enabling the following kernel option: net.ipv4.ip_nonlocal_bind=1. This allows services to start and bind to an IP address that is not raised on the host.